On July 8, 2024, the Israeli Privacy Protection Authority (PPA) published a draft opinion for public comments on transferring information outside Israel, interpreting Regulation 2(4) of the Privacy Protection (Transfers of Data to Databases Abroad) Regulations, 5761-2001.
According to the regulations, personal data can generally only be transferred outside Israel if the destination country ensures a level of data protection equal to Israeli law. However, Regulation 2(4) provides an exception for foreign data recipients that undertake to comply with Israeli data protection terms, with necessary adjustments taken into account.
The draft opinion highlights that the undertaking must include –
- An undertaking to fulfill obligations toward data subjects as stipulated in the Israeli Protection of Privacy Law. This includes the right to access their information, as well as the right to request corrections or deletions
- A commitment to use the information solely for its intended purpose.
- A commitment by the recipient to maintain confidentiality.
- Compliance with any applicable privacy protection laws, including evaluating specific provisions that may limit the transfer of information to a foreign country.
- Ensuring that any third party in the foreign country receiving the information (subject to regulatory conditions) is also obligated to comply with these requirements.
- Adhering to the data security obligations specified in the Privacy Protection Regulations, or alternatively, declaring compliance with the ISO/IEC 27001 security standard and committing to follow the additional provisions of the Data Security Regulations as guided by the authority.
Unrelatedly, the Israeli PPA published a report indicating that Apple and Samsung tracking tags violate users’ privacy by creating a “digital trail” of location data, potentially exposing sensitive information about individuals’ movements. These tags expand tracking infrastructure, raising concerns about personal information leaking to third parties or being misused. Unauthorized individuals can search the network or fake lost device locations, thus compromising privacy.
The PPA recommends several measures for the proper use of this technology –
- Check device settings to see how location data is collected and used. Disable location tracking entirely or enable it only when searching for tracking tags.
- Pay attention to location permissions when installing tracking apps. Grant access only if essential for the tag’s functionality.
- Ensure devices and tracking apps have the latest security and privacy features.
- Use temporary location-sharing features for specific situations instead of granting permanent access.
- Contact the authorities if you find an unknown tracking tag attached to your belongings.
- For Apple users – Recognize the AirTag alert sound for unknown tags nearby. Enable tracking alerts and configure app permissions to allow alerts for “AirTag Moving with You.” Ensure you provide explicit consent for app tracking and grant access only to trusted individuals.
- For Android users – Enable the DULT feature to alert you to suspicious tracking tags. Check and clear your Google location history regularly. Enable two-factor authentication for your Google account for added security. Additionally, install the “Tracker Detect” app to identify Apple’s AirTags and ensure your privacy is protected.
Click here to read the PPA’s draft opinion on the transfer of information outside of Israel (In Hebrew).
Click here to read the PPA’s recommendations on using tracking tags (In Hebrew).